{% comment %}
Template returned for invalid requests to /iframe (Invalid project or referring domain).
Required context variables:
- referrer:         string. HTTP header from the request object.
- has_project:      boolean.
- allow_origin:     boolean. Required if has_project=false.
{% endcomment %}
{% load sentry_assets %}
<!DOCTYPE html>
<html lang="en">
  <head>
    <title>Invalid Request - Sentry DevToolbar iFrame</title>
    <link rel="icon" type="image/png" href="{% absolute_asset_url "sentry" "images/favicon.png" %}">
  </head>
  <body>
    {% script %}
    <script>
      const referrer = "{{ referrer|escapejs }}";

      {% if not has_project %}
      console.log('Project does not exist.');
      window.parent.postMessage({
        source: 'sentry-toolbar',
        message: 'missing-project',
      }, referrer);

      {% elif not allow_origin %}
      console.log('Invalid referring domain: %s', referrer);
      window.parent.postMessage({
        source: 'sentry-toolbar',
        message: 'invalid-domain',
      }, referrer);

      {% endif %}
    </script>
    {% endscript %}

{% comment %}
No need to close `body`. If we do then middleware will inject some extra markup
we don't need. Browsers can figure out when it missing and deal with it.
{% endcomment %}
